From 392bbd8d3189f28ced8b91f02e4409774561cea0 Mon Sep 17 00:00:00 2001
From: Somdev Sangwan
Date: Thu, 4 Jul 2019 22:43:17 +0530
Subject: [PATCH] Optimized ordering of checks

Hi there, First of all, thanks for creating this amazing tool, I love it. Well, some issues are more common than others. Prioritizing such issues can save 2 requests per website on an average (given that the website is vulnerable). It can fairly improve performance while mass scanning.
---
 corstest.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/corstest.py b/corstest.py
index 1064315..4e75f4e 100755
--- a/corstest.py
+++ b/corstest.py
@@ -47,12 +47,12 @@ def check(url):
 elif re.findall("\*.", acao): invalid(url, 'Wrong use of wildcard, only single "*" is valid')
 elif re.findall("fiddle.jshell.net|s.codepen.io", acao): alert(url, "Developer backdoor")
 elif "evil.org" in cors(url, "evil.org"): alert(url, "Origin reflection")
- elif "null" == cors(url, "null").lower(): alert(url, "Null misconfiguration")
- elif host+".tk" in cors(url, host+".tk"): alert(url, "Post-domain wildcard")
+ elif cors(url, url, True).startswith("http://"): warning(url, "Non-ssl site allowed")
+ elif "sub."+host in cors(url, "sub."+url): warning(url, "Arbitrary subdomains allowed")
 elif "not"+host in cors(url, "not"+url): alert(url, "Pre-domain wildcard") if sld(host) else warning(url, "Pre-subdomain wildcard")
- elif "sub."+host in cors(url, "sub."+url): warning(url, "Arbitrary subdomains allowed")
- elif cors(url, url, True).startswith("http://"): warning(url, "Non-ssl site allowed")
+ elif host+".tk" in cors(url, host+".tk"): alert(url, "Post-domain wildcard")
+ elif "null" == cors(url, "null").lower(): alert(url, "Null misconfiguration")
 else: info(url, acao)
 elif acao != None and not args.q: notvuln(url, "Access-Control-Allow-Origin header not present")
 # TBD: maybe use CORS preflight options request instead to check if cors protocol is understood
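Review bot: The reordered `elif` chain now runs the `warning` checks (`Non-ssl site allowed`, `Arbitrary subdomains allowed`) before the `alert` checks (`Post-domain wildcard`, `Null misconfiguration`), and since the chain stops at the first match, a host that has both a low-severity and a high-severity misconfiguration is now reported only with the warning, where the old order surfaced the alert. The commit message presents this as a pure request-count optimisation, but it also changes which finding is printed for hosts with more than one misconfiguration, which matters when the output is triaged by severity. If the prevalence-based order is kept, either move the two added `warning` lines back below the `Pre-domain wildcard` line so alerts still win, or turn the chain into independent `if`s so every finding is reported; at minimum document the trade-off with `# ordered by prevalence, not severity: only the first matching check is reported`. The enclosing `check()` function starts before this hunk.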